/**
  * generate voting-form
  */
 protected function generateVotingForm()
 {
     if (!$this->loggedInUser || $this->loggedInUser->id == $this->ratedUser->id) {
         return;
     }
     $strFields = '';
     $scoreError = false;
     $this->Template->formId = 'tl_comments_' . $this->id;
     $this->Template->action = \Environment::get('indexFreeRequest');
     $this->Template->enctype = 'application/x-www-form-urlencoded';
     $arrFields = array();
     $objComment = new \CommentsModel();
     // Build the form
     $arrFF = array('comment', 'score', 'captcha');
     foreach ($arrFF as $field) {
         $arrData =& $GLOBALS['TL_DCA']['tl_comments']['fields'][$field];
         $strClass = $GLOBALS['TL_FFL'][$arrData['inputType']];
         $arrData['eval']['tableless'] = 'true';
         $arrData['label'] = $GLOBALS['TL_LANG']['tl_comments'][$field][0];
         $varValue = '';
         $objWidget = new $strClass($strClass::getAttributesFromDca($arrData, $field, $varValue, '', '', $this));
         $objWidget->storeValues = true;
         // Validate the form data
         if (\Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
             $objWidget->validate();
             $varValue = $objWidget->value;
             // check vor valid score interval
             if ($field == 'score') {
                 if (!mberegi('^(1|2|3|4|5)\\d{0}$', $varValue)) {
                     $doNotSubmit = true;
                     $scoreError = true;
                 }
             }
             // Do not submit the field if there are errors
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             } elseif ($objWidget->submitInput()) {
                 $blnModified = true;
                 // Store the form data
                 $_SESSION['FORM_DATA'][$field] = $varValue;
                 // Set the correct empty value (see #6284, #6373)
                 if ($varValue === '') {
                     $varValue = $objWidget->getEmptyValue();
                 }
                 // Set the new value
                 if ($field !== 'captcha') {
                     $objComment->{$field} = $varValue;
                 }
             }
         }
         $temp = $objWidget->parse();
         // add a hidden field for the starrating
         if ($field == 'score') {
             $temp = '<input type="hidden" name="score" id="ctrl_score" value="">';
         }
         $strFields .= $temp;
         $arrFields[$field] = $temp;
     }
     // Save the model
     if ($doNotSubmit !== true && $blnModified && \Input::post('FORM_SUBMIT') == 'tl_comments_' . $this->id) {
         $objComment->owner = $this->loggedInUser->id;
         $objComment->dateOfCreation = time();
         $objComment->source = 'tl_member';
         $objComment->ip = \Environment::get('ip');
         $objComment->activation_token = md5(session_id() . time() . $this->loggedInUser->id);
         $objComment->parent = $this->ratedUser->id;
         $objComment->published = 0;
         $objComment->save();
         $this->log('A new entry "tl_comments.id=' . $objComment->id . '" has been created', __METHOD__, TL_GENERAL);
         // notify rated member
         if ($this->notifyRatedUser && $objComment->id > 0 && $objComment->comment != '') {
             $this->notifyUser($objComment);
         }
         $this->jumpToOrReload($this->jumpTo);
     }
     if ($scoreError) {
         $strFields = '<p class="error">Bitte eine g&uuml;ltige Punktzahl vergeben.</p>' . $strFields;
     }
     $this->Template->slabel = specialchars($GLOBALS['TL_LANG']['MSC']['saveData']);
     $this->Template->fields = $strFields;
     $this->Template->arrFields = $arrFields;
     // shit storm protection
     if ($this->blockingTime > 0) {
         $objRatings = $this->Database->prepare("SELECT * FROM tl_comments WHERE source = ? AND parent = ? AND owner = ? AND dateOfCreation > ? ORDER BY dateOfCreation DESC")->limit(1)->execute('tl_member', $this->ratedUser->id, $this->loggedInUser->id, time() - $this->blockingTime);
         if ($objRatings->numRows > 0) {
             $this->Template->commentFormLocked = true;
             $time = $this->blockingTime - (time() - $objRatings->dateOfCreation);
             $h = floor($time / 3600);
             $min = floor(($time / 3600 - $h) * 60);
             if ($time <= 60) {
                 $this->Template->commentFormLockedTime = $time . ' s';
             } else {
                 $this->Template->commentFormLockedTime = ($h > 0 ? $h . ' h  ' : '') . $min . ' min';
             }
         }
     }
 }
Пример #2
0
 /**
  * Notify the subscribers of new comments
  *
  * @param \CommentsModel $objComment
  */
 public static function notifyCommentsSubscribers(\CommentsModel $objComment)
 {
     // Notified already
     if ($objComment->notified) {
         return;
     }
     $objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);
     // No subscriptions
     if ($objNotify === null) {
         return;
     }
     while ($objNotify->next()) {
         // Don't notify the commentor about his own comment
         if ($objNotify->email == $objComment->email) {
             continue;
         }
         // Prepare the URL
         $strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url;
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove);
         $objEmail->sendTo($objNotify->email);
     }
     $objComment->notified = 1;
     $objComment->save();
 }
Пример #3
0
 /**
  * Add comments to a template
  * @param \FrontendTemplate
  * @param \stdClass
  * @param string
  * @param integer
  * @param array
  */
 public function addCommentsToTemplate(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $arrNotifies)
 {
     global $objPage;
     $limit = 0;
     $offset = 0;
     $total = 0;
     $gtotal = 0;
     $arrComments = array();
     $objTemplate->comments = array();
     // see #4064
     // Pagination
     if ($objConfig->perPage > 0) {
         // Get the total number of comments
         $intTotal = \CommentsModel::countPublishedBySourceAndParent($strSource, $intParent);
         $total = $gtotal = $intTotal;
         // Get the current page
         $id = 'page_c' . $this->id;
         $page = \Input::get($id) ?: 1;
         // Do not index or cache the page if the page number is outside the range
         if ($page < 1 || $page > max(ceil($total / $objConfig->perPage), 1)) {
             global $objPage;
             $objPage->noSearch = 1;
             $objPage->cache = 0;
             // Send a 404 header
             header('HTTP/1.1 404 Not Found');
             $objTemplate->allowComments = false;
             return;
         }
         // Set limit and offset
         $limit = $objConfig->perPage;
         $offset = ($page - 1) * $objConfig->perPage;
         // Initialize the pagination menu
         $objPagination = new \Pagination($total, $objConfig->perPage, 7, $id);
         $objTemplate->pagination = $objPagination->generate("\n  ");
     }
     $objTemplate->allowComments = true;
     // Get all published comments
     if ($limit) {
         $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent, $limit, $offset);
     } else {
         $objComments = \CommentsModel::findPublishedBySourceAndParent($strSource, $intParent);
     }
     if ($objComments !== null && ($total = $objComments->count()) > 0) {
         $count = 0;
         if ($objConfig->template == '') {
             $objConfig->template = 'com_default';
         }
         $objPartial = new \FrontendTemplate($objConfig->template);
         while ($objComments->next()) {
             $objPartial->setData($objComments->row());
             // Clean the RTE output
             if ($objPage->outputFormat == 'xhtml') {
                 $objComments->comment = \String::toXhtml($objComments->comment);
             } else {
                 $objComments->comment = \String::toHtml5($objComments->comment);
             }
             $objPartial->comment = trim(str_replace(array('{{', '}}'), array('&#123;&#123;', '&#125;&#125;'), $objComments->comment));
             $objPartial->datim = $this->parseDate($objPage->datimFormat, $objComments->date);
             $objPartial->date = $this->parseDate($objPage->dateFormat, $objComments->date);
             $objPartial->class = ($count < 1 ? ' first' : '') . ($count >= $total - 1 ? ' last' : '') . ($count % 2 == 0 ? ' even' : ' odd');
             $objPartial->by = $GLOBALS['TL_LANG']['MSC']['comment_by'];
             $objPartial->id = 'c' . $objComments->id;
             $objPartial->timestamp = $objComments->date;
             $objPartial->datetime = date('Y-m-d\\TH:i:sP', $objComments->date);
             $objPartial->addReply = false;
             // Reply
             if ($objComments->addReply && $objComments->reply != '') {
                 if (($objAuthor = $objComments->getRelated('author')) !== null) {
                     $objPartial->addReply = true;
                     $objPartial->rby = $GLOBALS['TL_LANG']['MSC']['reply_by'];
                     $objPartial->reply = $this->replaceInsertTags($objComments->reply);
                     $objPartial->author = $objAuthor;
                     // Clean the RTE output
                     if ($objPage->outputFormat == 'xhtml') {
                         $objPartial->reply = \String::toXhtml($objPartial->reply);
                     } else {
                         $objPartial->reply = \String::toHtml5($objPartial->reply);
                     }
                 }
             }
             $arrComments[] = $objPartial->parse();
             ++$count;
         }
     }
     $objTemplate->comments = $arrComments;
     $objTemplate->addComment = $GLOBALS['TL_LANG']['MSC']['addComment'];
     $objTemplate->name = $GLOBALS['TL_LANG']['MSC']['com_name'];
     $objTemplate->email = $GLOBALS['TL_LANG']['MSC']['com_email'];
     $objTemplate->website = $GLOBALS['TL_LANG']['MSC']['com_website'];
     $objTemplate->commentsTotal = $limit ? $gtotal : $total;
     // Get the front end user object
     $this->import('FrontendUser', 'User');
     // Access control
     if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
         $objTemplate->requireLogin = true;
         return;
     }
     // Form fields
     $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true)));
     // Captcha
     if (!$objConfig->disableCaptcha) {
         $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
     }
     // Comment field
     $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true));
     $doNotSubmit = false;
     $arrWidgets = array();
     $strFormId = 'com_' . $strSource . '_' . $intParent;
     // Initialize widgets
     foreach ($arrFields as $arrField) {
         $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
         // Continue if the class is not defined
         if (!$this->classFileExists($strClass)) {
             continue;
         }
         $arrField['eval']['required'] = $arrField['eval']['mandatory'];
         $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));
         // Validate the widget
         if (\Input::post('FORM_SUBMIT') == $strFormId) {
             $objWidget->validate();
             if ($objWidget->hasErrors()) {
                 $doNotSubmit = true;
             }
         }
         $arrWidgets[$arrField['name']] = $objWidget;
     }
     $objTemplate->fields = $arrWidgets;
     $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->messages = '';
     // Backwards compatibility
     $objTemplate->formId = $strFormId;
     $objTemplate->hasError = $doNotSubmit;
     // Do not index or cache the page with the confirmation message
     if ($_SESSION['TL_COMMENT_ADDED']) {
         global $objPage;
         $objPage->noSearch = 1;
         $objPage->cache = 0;
         $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
         $_SESSION['TL_COMMENT_ADDED'] = false;
     }
     // Add the comment
     if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
         $strWebsite = $arrWidgets['website']->value;
         // Add http:// to the website
         if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
             $strWebsite = 'http://' . $strWebsite;
         }
         // Do not parse any tags in the comment
         $strComment = htmlspecialchars(trim($arrWidgets['comment']->value));
         $strComment = str_replace(array('&amp;', '&lt;', '&gt;'), array('[&]', '[lt]', '[gt]'), $strComment);
         // Remove multiple line feeds
         $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment);
         // Parse BBCode
         if ($objConfig->bbcode) {
             $strComment = $this->parseBbCode($strComment);
         }
         // Prevent cross-site request forgeries
         $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment);
         $time = time();
         // Prepare the record
         $arrSet = array('source' => $strSource, 'parent' => $intParent, 'tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1);
         $objComment = new \CommentsModel();
         $objComment->setRow($arrSet);
         $objComment->save();
         $insertId = $objComment->id;
         // HOOK: add custom logic
         if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) {
             foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) {
                 $this->import($callback[0]);
                 $this->{$callback}[0]->{$callback}[1]($insertId, $arrSet, $this);
             }
         }
         // Notification
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Environment::get('host'));
         // Convert the comment to plain text
         $strComment = strip_tags($strComment);
         $strComment = \String::decodeEntities($strComment);
         $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment);
         // Add comment details
         $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Environment::get('base') . \Environment::get('request'), \Environment::get('base') . 'contao/main.php?do=comments&act=edit&id=' . $insertId);
         // Do not send notifications twice
         if (is_array($arrNotifies)) {
             $arrNotifies = array_unique($arrNotifies);
         }
         $objEmail->sendTo($arrNotifies);
         // Pending for approval
         if ($objConfig->moderate) {
             $_SESSION['TL_COMMENT_ADDED'] = true;
         }
         $this->reload();
     }
 }